Contao Manager und Nginx

[Midas1989]

Hallo Ich habe eine Frage zum Contao Manager.
Ich habe meinen Server auf nginx mit http/2 und fpm umgestellt und der Contao Manager öffnet nicht mehr.

Im nginx Log sehe ich folgenden Fehler
==> ../logs/error.log <==
2019/06/20 17:19:49 [error] 9302#9302: *284 open() "/usr/share/nginx/www.example.com/htdocs/web/contao-manager.phar.php/css/app.a45c6797.css" failed (20: Not a directory), client: 80.109.224.93, server: www.example.com, est: "GET /contao-manager.phar.php/css/app.a45c6797.css HTTP/2.0", host: "www.example.com", referrer: "https://www.example.com/contao-manager.phar.php/"

==> ../logs/access.log <==
80.109.224.93 - - [20/Jun/2019:17:19:49 +0200] "GET /contao-manager.phar.php/css/app.a45c6797.css HTTP/2.0" 404 174 "https://www.example.com/contao-manager.phar.php/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWt/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"


Meine Nginx Confix sieht so aus:

Code:

server {
  listen 443 ssl http2;
  server_name www.example.com;
  root /usr/share/nginx/www.example.com/htdocs/web;

  rewrite ^/app\.php/?(.*)$ /$1 permanent;

  location / {
    index app.php;
    try_files $uri @rewriteapp;
  }

  location @rewriteapp {
    rewrite ^(.*)$ /app.php/$1 last;
  }

  location ~*  \.(jpg|jpeg|png|gif|ico|css|js)$ {
   expires 365d;
  }

   location ~ ^/(app|app_dev|config|install|contao-manager\.phar)\.php(/|$) {
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param open_basedir "/usr/share/nginx/www.example.com/htdocs:/tmp:/usr/share/pear:/var/lib/php/session/";
    fastcgi_pass unix:/var/run/php-fpm/php-fpm-www.example.com.sock;
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }


  ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
  include snippets/ssl.conf;

  access_log /usr/share/nginx/www.example.com/logs/access.log;
  error_log /usr/share/nginx/www.example.com/logs/error.log error;

  rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;

Ich hoffe jemand kann mir dabei helfen.

Danke und liebe Grüße

Midas

[Midas1989]

Vielen Dank ich habe den Fehler gefunden!!!

Eine funktionierende nginx Config für alle die es einmal benötigen:

Code:

server {
  listen 80;
  server_name www.example.com example.com;

  return 301 https://www.example.com$request_uri;
}


server {
  listen 443 ssl;
  server_name example.com;

  ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;

  include snippets/ssl.conf;

  return 301 https://www.example.com$request_uri;
}

server {
  listen 443 ssl http2;
  server_name www.example.com;
  root /usr/share/nginx/www.example.com/htdocs/web;

   location ~ ^/(app|app_dev|config|install|contao-manager\.phar)\.php(/|$) {
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param open_basedir "/usr/share/nginx/www.example.com/htdocs:/tmp:/usr/share/pear:/var/lib/php/session/";
    fastcgi_pass unix:/var/run/php-fpm/php-fpm-www.example.com.sock;
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }

  rewrite ^/app\.php/?(.*)$ /$1 permanent;

  location / {
    index app.php;
    try_files $uri @rewriteapp;
  }

  location @rewriteapp {
    rewrite ^(.*)$ /app.php/$1 last;
  }

  location ~*  \.(jpg|jpeg|png|gif|ico|css|js)$ {
   expires 365d;
  }

  ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
  include snippets/ssl.conf;

  access_log /usr/share/nginx/www.example.com/logs/access.log;
  error_log /usr/share/nginx/www.example.com/logs/error.log error;

  rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;

[-= Sid =-]

Hi, ich versuche es mit nginx und Deiner Konfiguration, allerdings bekomme ich nach dem Login von CM Beim zweiten Punkt einen Fehler:

"Serverkonfiguration
Die Prüfung ist aufgrund einer unerwarteten Server-Antwort fehlgeschlagen."

Hättest Du eine Idee, was der Fehler sein könnte oder wie man dahinter kommen könnte? Gibt es ein Logging/Fehlerbericht bei fehlenden PHP Modulen oder fehlerhafter Netzwerkkonfiguration?

Das ist unsere Konfiguration für den "testman" (Contao-Manager Testinstanz):

server {
listen 443 ssl http2;
server_name testman.unseredomain.de testman;
root /var/www/contaotest/web;

location ~ ^/(app|app_dev|config|install|contao-manager\.phar)\.php(/|$) {
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param open_basedir "/var/www/contaotest:/tmp:/usr/share/pear:/var/lib/php/session/";
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

rewrite ^/app\.php/?(.*)$ /$1 permanent;

location / {
index app.php;
try_files $uri @rewriteapp;
}

location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}

location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}

#include snippets/ssl.conf;
ssl_certificate /usr/local/share/ca-certificates/unserbundle.crt;
ssl_certificate_key /usr/local/share/ca-certificates/unserkey.key;
# rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
}

[Midas1989]

Hallo Sid,

habe leider deine Frage übersehen.

Kannst du deinen Fehler genauer erläutern?

Ich glaube du meinst die Location vom php binary file.
Du musst schauen wo dein php binary liegt und diesen Pfad angeben. wie ist dein php konfiguriert?
Wenn du mir die vhost und php-fpm pool config schickst kann ich dir villeicht weiterhelfen.

Desweiteren habe ich eine neuere Configuration welche optimal funktioniert.
Ich habe alle Configs zusammengeschrieben . Für normal habe ich hier einige includes.

Code:

 server {
   listen 80;
   server_name www.example.at example.at;

   return 301 https://www.example.at$request_uri;
 }


 server {
   listen 443 ssl;
   server_name example.at;

   ssl_certificate /etc/letsencrypt/live/example.at/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/example.at/privkey.pem;

   ssl_protocols TLSv1.3 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_dhparam /etc/nginx/dhparam.pem;6
   ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
   ssl_ecdh_curve secp384r1;
   ssl_session_timeout  10m;
   ssl_session_cache shared:SSL:10m;
   ssl_session_tickets off;
   ssl_stapling on;
   ssl_stapling_verify on;
   resolver 1.1.1.1 8.8.8.8 valid=300s;
   resolver_timeout 5s;
   add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
   add_header X-Frame-Options "SAMEORIGIN";
   add_header X-Content-Type-Options nosniff;
   add_header X-XSS-Protection "1; mode=block";


   return 301 https://www.example.at$request_uri;
 }

 server {
   listen 443 ssl http2;
   server_name www.example.at;
   index index.php index.html index.htm;
   root /var/www/vhosts/example.at/htdocs/;

   rewrite ^/app\.php/?(.*)$ /$1 permanent;

   location / {
     index app.php;
     try_files $uri @rewriteapp;
   }

   location @rewriteapp {
     rewrite ^(.*)$ /app.php/$1 last;
   }


   location ~ ^/(app|app_dev|config|index|install|contao-manager\.phar)\.php(/|$) {
     fastcgi_param PATH_INFO $fastcgi_path_info;
     fastcgi_param open_basedir "/var/www/vhosts/example.at/htdocs/:/var/www/vhosts/example.at/tmp/:/var/www/vhosts/example.at/files/:/tmp:/usr/share/pear:/var/lib/php/sessions/:/var/www/vhosts/example.at/sessions/:/var/www/vhosts/example.at/htdocs/:/var/www/vhosts/example.at/phpcache";
     fastcgi_pass unix:/var/run/php/php7.4.sock;
     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
     try_files $fastcgi_script_name =404;
     set $path_info $fastcgi_path_info;
     fastcgi_param PATH_INFO $path_info;
     fastcgi_index index.php;
     fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
     fastcgi_param  QUERY_STRING       $query_string;
     fastcgi_param  REQUEST_METHOD     $request_method;
     fastcgi_param  CONTENT_TYPE       $content_type;
     fastcgi_param  CONTENT_LENGTH     $content_length;
     fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
     fastcgi_param  REQUEST_URI        $request_uri;
     fastcgi_param  DOCUMENT_URI       $document_uri;
     fastcgi_param  DOCUMENT_ROOT      $document_root;
     fastcgi_param  SERVER_PROTOCOL    $server_protocol;
     fastcgi_param  REQUEST_SCHEME     $scheme;
     fastcgi_param  HTTPS              $https if_not_empty;
     fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
     fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
     fastcgi_param  REMOTE_ADDR        $remote_addr;
     fastcgi_param  REMOTE_PORT        $remote_port;
     fastcgi_param  SERVER_ADDR        $server_addr;
     fastcgi_param  SERVER_PORT        $server_port;
     fastcgi_param  SERVER_NAME        $server_name;
     fastcgi_param  REDIRECT_STATUS    200;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   }

   location = /favicon.ico {
    log_not_found off;
    access_log off;
   }

   location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
   }

   location ~*  \.(jpg|jpeg|png|gif|ico|css|js)$ {
     access_log        off;
     log_not_found     off;
     expires           30d;
   }

   open_file_cache          max=2000 inactive=20s;
   open_file_cache_valid    60s;
   open_file_cache_min_uses 5;
   open_file_cache_errors   off;

   client_max_body_size 100M;


   ssl_certificate /etc/letsencrypt/live/example.at/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/example.at/privkey.pem;

   ssl_protocols TLSv1.3 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_dhparam /etc/nginx/dhparam.pem;6
   ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
   ssl_ecdh_curve secp384r1;
   ssl_session_timeout  10m;
   ssl_session_cache shared:SSL:10m;
   ssl_session_tickets off;
   ssl_stapling on;
   ssl_stapling_verify on;
   resolver 1.1.1.1 8.8.8.8 valid=300s;
   resolver_timeout 5s;
   add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
   add_header X-Frame-Options "SAMEORIGIN";
   add_header X-Content-Type-Options nosniff;
   add_header X-XSS-Protection "1; mode=block";

   access_log /var/www/vhosts/example.at/logs/access.log;
   error_log /var/www/vhosts/example.at/logs/error.log error;
 }

LG